package com.itzz.spring_zhoneHeng.controller;

import com.itzz.spring_zhoneHeng.base.RestResponse;
import com.itzz.spring_zhoneHeng.pojo.User;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import java.util.Collection;

@RestController
public class CartController {
    @RequestMapping("/cart")
    @ResponseBody
//    @PreAuthorize("hasAnyAuthority('user')")  一个是权限认证  一个是角色认证
    @PreAuthorize("hasRole('ROLE_a')")
    public RestResponse cart(Authentication authentication) {
        User principal = (User) authentication.getPrincipal();
        return RestResponse.ok(principal);
    }

    @RequestMapping("/getInfo")
    @ResponseBody
    public RestResponse getInfo(Authentication authentication) {
        //获取当前登录用户
        User principal = (User) authentication.getPrincipal();
        return RestResponse.ok(principal);
    }



//    @RequestMapping("/cart2")
//    @ResponseBody
//    public RestResponse cart2(Authentication authentication) {
//        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
//        return RestResponse.ok(authorities);
//    }
}
